CVE-2007-2772
published 2007-05-21CVE-2007-2772: (1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial…
PriorityP337high7.8CVSS 2.0
AVNACLAuNCNINAC
EXPLOIT
EPSS
12.06%
95.6th percentile
(1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ca | brightstor_arcserve_backup | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
CA BrightStor Backup 11.5.2.0 - 'Mediasvr.exe' Denial of Service
exploitdb·2007-05-16
CVE-2007-2772 CA BrightStor Backup 11.5.2.0 - 'Mediasvr.exe' Denial of Service
CA BrightStor Backup 11.5.2.0 - 'Mediasvr.exe' Denial of Service
---
#!/usr/bin/python
#
# Computer Associates (CA) Brightstor Backup Mediasvr.exe DoS (catirpc.dll/rwxdr.dll)
# (Previously Unknown)
#
# There is an issue with RPC operation 126 and the imported cactirpc.dll
# and rwxdr.dll. It looks as if Mediasvr.exe identifies a Bad Job Handle
# as seen in its log file.
#
# Log Message:
# asms_manager_job_enumerate_devices_1_svc(): Bad Job Handle.
#
# However, the process dies when trying to send an RPC response
# for the bad job handle. This is caused be a null memory dereference.
# Within cactirpc.dll, the xdr_rwpair function is called:
#
# Catirpc.dll:2E008A93 loc_2E008A93:
# Catirpc.dll:2E008A93 mov ecx, [esi+10h]
# Catirpc.dll:2E008A96 push ecx \n' % sys.argv[0]
sys.exit(-1)
print
Exploit-DB
CA BrightStor Backup 11.5.2.0 - 'caloggderd.exe' Denial of Service
exploitdb·2007-05-16
CVE-2007-2772 CA BrightStor Backup 11.5.2.0 - 'caloggderd.exe' Denial of Service
CA BrightStor Backup 11.5.2.0 - 'caloggderd.exe' Denial of Service
---
#!/usr/bin/python
#
# Computer Associates (CA) Brightstor Backup caloggderd.exe DoS (camt70.dll)
# (Previously Unknown)
#
# There is an issue in camt70.dll when caloggerd is processing a hostname for a login operation.
# When processing the string, if a null is passed in as an argument, it will be loaded into ESI
# and then loaded into EDI in which the string processing will read a null memory location.
#
# .text:0032ADD0 push ecx
# .text:0032ADD1 mov eax, [esp+4+arg_4]
# .text:0032ADD5 push esi
# .text:0032ADD6 mov esi, [esp+8+arg_8] \n' % sys.argv[0]
sys.exit(-1)
print '[+] Computer Associates (CA) Brightstor Backup caloggerd.exe DoS (camt70.dll)'
print '[+] Author: Shirkdog'
GetCALoggerPort(target)
# milw0rm.com
No writeups or analysis indexed.
http://osvdb.org/35327http://osvdb.org/35328http://secunia.com/advisories/25300http://securityreason.com/securityalert/2727http://supportconnectw.ca.com/public/storage/infodocs/babmedservul-secnotice.asphttp://www.securityfocus.com/archive/1/468784/100/0/threadedhttp://www.securitytracker.com/id?1018076http://www.vupen.com/english/advisories/2007/1849https://exchange.xforce.ibmcloud.com/vulnerabilities/34319https://exchange.xforce.ibmcloud.com/vulnerabilities/34322https://www.exploit-db.com/exploits/3939https://www.exploit-db.com/exploits/3940http://osvdb.org/35327http://osvdb.org/35328http://secunia.com/advisories/25300http://securityreason.com/securityalert/2727http://supportconnectw.ca.com/public/storage/infodocs/babmedservul-secnotice.asphttp://www.securityfocus.com/archive/1/468784/100/0/threadedhttp://www.securitytracker.com/id?1018076http://www.vupen.com/english/advisories/2007/1849https://exchange.xforce.ibmcloud.com/vulnerabilities/34319https://exchange.xforce.ibmcloud.com/vulnerabilities/34322https://www.exploit-db.com/exploits/3939https://www.exploit-db.com/exploits/3940
2007-05-21
Published